Juha Heinanen writes: > does the module check that reply to the request from uas really includes > the added parameter in its r-r header or is correct operation of > in-dialog requests at the mercy of the uas?
answering to myself, i read the source code and looks like restore_from_reply function does not check that the r-r param that was added when request was processed, was copied by uas to the reply or that the reply contains the r-r header that the proxy added to the request. isn't this a security risk? even without the from replacing business, shouldn't proxy ALWAYS check that the reply contains the r-r header that it added? if it does not, the uac can be fooled to send in-dialog requests to somewhere else (unless it is configured to always use this proxy as its next hop). so if proxy receives a request that contains a (possibly missing) r-r header: r-r: a,b and it adds itself (c) there r-r: a,b,c when reply comes back, shouldn't the proxy check that the r-r header in the reply starts with r-r: a,b,c if not, what am i missing here? -- juha _______________________________________________ Kamailio (OpenSER) - Users mailing list [email protected] http://lists.kamailio.org/cgi-bin/mailman/listinfo/users http://lists.openser-project.org/cgi-bin/mailman/listinfo/users
